I checked it when first posted against all url checkers, including VT, Norton safeweb, K TIP, B url check, and others; all came clean.
That's why I suspected it was hijacked, especially after @rashmi reported change of page of the exact web address.
Malicious website escaping secure dns
- Thread starter Parkinsond
- Start date
That's why I suspected it was hijacked, especially after @rashmi reported change of page of the exact web address.
Cloudflare Radar doesn't classify the website as compromised.
Now the website loaded and it showed the fake Chrome update page. But I got a warning before visiting that the site does not support secure connection, but when I accepted the risk, it loaded without any interactions from BD.
Btw clicking on Update Chrome does not do anything.
Btw clicking on Update Chrome does not do anything.
So enabling https-only mode does provide some sort of protection unless the user intentionally ignores the warning.
- Apr 28, 2015
- 9,397
- 1
- 84,814
- 8,389
Is that notification in Russian?
I checked ulr using Kaspersky threat intelligence portal 45 min ago; it was labelled safe (green).
- Apr 28, 2015
- 9,397
- 1
- 84,814
- 8,389
The main URL is clean, but when You click over the blue Chrome button...
It downloads a file, Installer.59-03-4-08, or at least I could download it when I accessed the website.
That what I got when trying to visit the link in your screenshotI was afraid to do so
5 seconds, wow! That's fast!
Take home message: Do not "entirely" rely on any security layer; response may take some time.
Common sense (prompt on browser other than Chrome, prompt on up-to-date Chrome, "CONTINUE" in capital letters, lack of logic that website cannot load except on the latest update of a browser) is your first line of defence.
Common sense (prompt on browser other than Chrome, prompt on up-to-date Chrome, "CONTINUE" in capital letters, lack of logic that website cannot load except on the latest update of a browser) is your first line of defence.
The update button leads to download a malware that's based on Node.js (the most popular JavaScript runtime environment).
ESET didn't block the malware download source site like Kaspersky, but the main malicious file was detected after extraction.
ESET didn't block the malware download source site like Kaspersky, but the main malicious file was detected after extraction.
How did you manage to download the infected file? I thought the server that's hosting the malicious files was taken down.The update button leads to download a malware that's based on Node.js (the most popular JavaScript runtime environment).
ESET didn't block the malware download source site like Kaspersky, but the main malicious file was detected after extraction.
View attachment 293470
Detected by Hawk Eye, just tried.
Nothing more satisfying for a solution engineer than seeing the solution work where many others fail.
Nothing more satisfying for a solution engineer than seeing the solution work where many others fail.
Last edited:
You may also like...
-
Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches- Started by Parkinsond
- Replies: 5
-
eScan confirms update server breached to push malicious update- Started by andytan
- Replies: 43
-
-
Korean malware removal tool I have never heard about before
- Started by Parkinsond
- Replies: 19
-
